(PHP 5 >= 5.2.0, PHP 7, PHP 8)
filter_input_array — Gets external variables and optionally filters them
$type, array |int $options = FILTER_DEFAULT , bool $add_empty = true ): array |false |null This function is useful for retrieving many values without repetitively calling filter_input() .
typeINPUT_* constants.
The content of the superglobal that is being filtered is the original "raw" content provided by the SAPI, prior to any user modification to the superglobal. To filter a modified superglobal use filter_var_array() instead.
optionsFILTER_VALIDATE_*
constants, or a sanitization filter by using one of the
FILTER_SANITIZE_*
constants.
The option array is an associative array where the key corresponds
to a key in the data array and the associated
value is either the filter to apply to this entry,
or an associative array describing how and which filter should be
applied to this entry.
The associative array describing how a filter should be applied
must contain the 'filter' key whose associated
value is the filter to apply, which can be one of the
FILTER_VALIDATE_* ,
FILTER_SANITIZE_* ,
FILTER_UNSAFE_RAW , or
FILTER_CALLBACK constants.
It can optionally contain the 'flags' key
which specifies and flags that apply to the filter,
and the 'options' key which specifies any options
that apply to the filter.
add_empty
Add missing keys as null to the return value.
On success, an array containing the values of the requested variables.
On failure, false is returned.
Except if the failure is that the input array designated by
type is not populated where null is returned
if the FILTER_NULL_ON_FAILURE flag is used.
Missing entries from the input array will be populated into the returned
array if add_empty is true .
In which case, missing entries will be set to null ,
unless the FILTER_NULL_ON_FAILURE flag is used,
in which case it will be false .
An entry of the returned array will be false if the filter fails,
unless the FILTER_NULL_ON_FAILURE flag is used,
in which case it will be null .
Note:
There is no
REQUEST_TIMEkey inINPUT_SERVERarray because it is inserted into the $_SERVER later.
FILTER_VALIDATE_*
FILTER_SANITIZE_*
Note that although you can provide a default filter for the entire input array there is no way to provide a flag for that filter without building the entire definition array yourself.
So here is a small function that can alleviate this hassle!
<?php
function filter_input_array_with_default_flags($type, $filter, $flags, $add_empty = true) {
$loopThrough = array();
switch ($type) {
case INPUT_GET : $loopThrough = $_GET; break;
case INPUT_POST : $loopThrough = $_POST; break;
case INPUT_COOKIE : $loopThrough = $_COOKIE; break;
case INPUT_SERVER : $loopThrough = $_SERVER; break;
case INPUT_ENV : $loopThrough = $_ENV; break;
}
$args = array();
foreach ($loopThrough as $key=>$value) {
$args[$key] = array('filter'=>$filter, 'flags'=>$flags);
}
return filter_input_array($type, $args, $add_empty);
}
?>[New Version]
This function is very useful for filtering complicated array structure.
Also, Some integer bitmasks and invalid UTF-8 sequence detection are available.
Code:
<?php
/**
* @param integer $type Constant like INPUT_XXX.
* @param array $default Default structure of the specified super global var.
* Following bitmasks are available:
* + FILTER_STRUCT_FORCE_ARRAY - Force 1 dimensional array.
* + FILTER_STRUCT_TRIM - Trim by ASCII control chars.
* + FILTER_STRUCT_FULL_TRIM - Trim by ASCII control chars,
* full-width and no-break space.
* @return array The value of the filtered super global var.
*/
define('FILTER_STRUCT_FORCE_ARRAY', 1);
define('FILTER_STRUCT_TRIM', 2);
define('FILTER_STRUCT_FULL_TRIM', 4);
function filter_struct_utf8($type, array $default) {
static $func = __FUNCTION__;
static $trim = "[\\x0-\x20\x7f]";
static $ftrim = "[\\x0-\x20\x7f\xc2\xa0\xe3\x80\x80]";
static $recursive_static = false;
if (!$recursive = $recursive_static) {
$types = array(
INPUT_GET => $_GET,
INPUT_POST => $_POST,
INPUT_COOKIE => $_COOKIE,
INPUT_REQUEST => $_REQUEST,
);
if (!isset($types[(int)$type])) {
throw new LogicException('unknown super global var type');
}
$var = $types[(int)$type];
$recursive_static = true;
} else {
$var = $type;
}
$ret = array();
foreach ($default as $key => $value) {
if ($is_int = is_int($value)) {
if (!($value | (
FILTER_STRUCT_FORCE_ARRAY |
FILTER_STRUCT_FULL_TRIM |
FILTER_STRUCT_TRIM
))) {
$recursive_static = false;
throw new LogicException('unknown bitmask');
}
if ($value & FILTER_STRUCT_FORCE_ARRAY) {
$tmp = array();
if (isset($var[$key])) {
foreach ((array)$var[$key] as $k => $v) {
if (!preg_match('//u', $k)){
continue;
}
$value &= FILTER_STRUCT_FULL_TRIM | FILTER_STRUCT_TRIM;
$tmp += array($k => $value ? $value : '');
}
}
$value = $tmp;
}
}
if ($isset = isset($var[$key]) and is_array($value)) {
$ret[$key] = $func($var[$key], $value);
} elseif (!$isset || is_array($var[$key])) {
$ret[$key] = null;
} elseif ($is_int && $value & FILTER_STRUCT_FULL_TRIM) {
$ret[$key] = preg_replace("/\A{$ftrim}++|{$ftrim}++\z/u", '', $var[$key]);
} elseif ($is_int && $value & FILTER_STRUCT_TRIM) {
$ret[$key] = preg_replace("/\A{$trim}++|{$trim}++\z/u", '', $var[$key]);
} else {
$ret[$key] = preg_replace('//u', '', $var[$key]);
}
if ($ret[$key] === null) {
$ret[$key] = $is_int ? '' : $value;
}
}
if (!$recursive) {
$recursive_static = false;
}
return $ret;
}
?>This function is very useful for filtering complicated array structure.
Code:
<?php
function filter_request($var, $default_structure) {
$ret = array();
foreach ($default_structure as $key => $value) {
if (!isset($var[$key])) {
$ret[$key] = $value;
} elseif (is_array($value)) {
$ret[$key] = filter_request($var[$key], $value);
} elseif (is_array($var[$key])) {
$ret[$key] = $value;
} else {
$ret[$key] = $var[$key];
}
}
return $ret;
}
?>
Sample Usage:
<?php
$_GET['a']['wrong_structure'] = 'foo';
$_GET['b']['c'] = 'CORRECT';
$_GET['b']['d']['wrong_structure'] = 'bar';
$_GET['unneeded_item'] = 'baz';
var_dump(filter_request($_GET, array(
'a' => 'DEFAULT',
'b' => array(
'c' => 'DEFAULT',
'd' => 'DEFAULT',
),
)));
?>
Sample Result:
array(2) {
["a"]=>
string(21) "DEFAULT"
["b"]=>
array(2) {
["c"]=>
string(12) "CORRECT"
["d"]=>
string(21) "DEFAULT"
}
}Beware: if none of the arguments is set, this function returns NULL, not an array of NULL values.
/* No POST vars set in request
$_POST = array();
*/
$args = array('some_post_var' => FILTER_VALIDATE_INT);
$myinputs = filter_input_array(INPUT_POST, $args);
var_dump($myinputs);
Expected Output: array(1) { ["some_post_var"]=> NULL }
Actual Output: NULLLooks like filter_input_array isn't aware of changes to the input arrays that were made before calling filter_input_array. Instead, it always looks at the originally submitted input arrays.
So this will not work:
$_POST['my_float_field'] = str_replace(',','.',$_POST['my_float_field']);
$args = array('my_float_field',FILTER_VALIDATE_FLOAT);
$result = filter_input_array(INPUT_POST, $args);[New Version]
Example Usage:
<?php
$_GET['A']['a'] = ' CORRECT(including some spaces) ';
$_GET['A']['b'] = ' CORRECT(including some spaces) ';
$_GET['A']['c'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['A']['d']['invalid_structure'] = 'INVALID';
$_GET['B']['a'] = ' CORRECT(including some spaces) ';
$_GET['B']['b'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['B']['c']['invalid_structure'] = 'INVALID';
$_GET['B']["Invalid UTF-8 sequence: \xe3\xe3\xe3"] = 'INVALID';
$_GET['C']['a'] = ' CORRECT(including some spaces) ';
$_GET['C']['b'] = "Invalid UTF-8 sequence: \xe3\xe3\xe3";
$_GET['C']['c']['invalid_structure'] = 'INVALID';
$_GET['C']["Invalid UTF-8 sequence: \xe3\xe3\xe3"] = 'INVALID';
$_GET['unneeded_item'] = 'UNNEEDED';
var_dump(filter_struct_utf8(INPUT_GET, array(
'A' => array(
'a' => '',
'b' => FILTER_STRUCT_TRIM,
'c' => '',
'd' => '',
),
'B' => FILTER_STRUCT_FORCE_ARRAY,
'C' => FILTER_STRUCT_FORCE_ARRAY | FILTER_STRUCT_TRIM,
)));
?>
Example Result:
array(3) {
["A"]=>
array(4) {
["a"]=>
string(36) " CORRECT(including some spaces) "
["b"]=>
string(30) "CORRECT(including some spaces)"
["c"]=>
string(0) ""
["d"]=>
string(0) ""
}
["B"]=>
array(3) {
["a"]=>
string(36) " CORRECT(including some spaces) "
["b"]=>
string(0) ""
["c"]=>
string(0) ""
}
["C"]=>
array(3) {
["a"]=>
string(30) "CORRECT(including some spaces)"
["b"]=>
string(0) ""
["c"]=>
string(0) ""
}
}While filtering input arrays, be careful of what flags you set besides FILTER_REQUIRE_ARRAY. For example, setting the flags like so:
<?php
$filter = array(
'myInputArr' => array('filter' => FILTER_SANITIZE_STRING,
'flags' => array('FILTER_FLAG_STRIP_LOW', 'FILTER_REQUIRE_ARRAY'))
);
$form_inputs = filter_input_array(INPUT_POST, $filter);
?>
.. will result in a blank $form_inputs['myInputArr'] regardless of what $_POST['myInputArr'] contains.If you are trying to handling multiple form inputs with same name, then you must assign the `'flags' => FILTER_REQUIRE_ARRAY` to the definitions entry.
Example, you have a html form as such:
<form>
<input name="t1[]" value="Some string One" />
<input name="t1[]" value="Another String Two" />
</form>
Your definitions array will look a little like this:
$args = array(
't1' => array(
'name' => 't1',
'filter' => FILTER_SANITIZE_STRING,
'flags' => FILTER_REQUIRE_ARRAY)
);Here's an extended function that allows you to keep also the unfiltered items/args from the request, while you also apply validation to some of them:
<?php
$validationRules = [
'foo' => [
'filter' => FILTER_VALIDATE_REGEXP,
'options' => ['regexp' => '/^(bar|baz)$/i']
]
];
$request = filter_input_array_keep_unfiltered_args(INPUT_POST, $validationRules);
var_dump($request);
function filter_input_array_keep_unfiltered_args($type, $filters, $addEmpty = true)
{
$rawRequest = filter_input_array($type);
$validationRules = [];
foreach ($rawRequest as $key => $value) {
$validationRules[$key] = isset($filters[$key]) ? $filters[$key] : ['filter' => FILTER_DEFAULT];
}
return filter_input_array($type, $validationRules, $addEmpty);
}
?>